Skip to content

catz.c - masters not renamed to primaries

Summary

I'm setting up catalog-zones and couldn't get it to work, no matter how i formatted "primaries" it didn't work and i got the following log on slave:

Jul 12 08:03:07 slave1 named[8610]: catz: updating catalog zone 'catalogzone' with serial 21071121
Jul 12 08:03:07 slave1 named[8610]: catz: unknown record in catalog zone - 1.primaries.catalogzone IN A(failure) - ignoring

After checking through catz.c source-code it's clear that it only expects "masters", not "primaries". You should probably add a clause checking for "primaries" here: https://gitlab.isc.org/isc-projects/bind9/-/blob/main/lib/dns/catz.c#L899-913

BIND version used

vagrant@slave1:/var/cache/bind$ named -V
BIND 9.16.1-Ubuntu (Stable Release) <id:d497c32>
running on Linux x86_64 5.4.0-74-generic #83-Ubuntu SMP Sat May 8 02:35:39 UTC 2021
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--disable-isc-spnego' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-QF7jf9/bind9-9.16.1=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 9.3.0
compiled with OpenSSL version: OpenSSL 1.1.1f  31 Mar 2020
linked to OpenSSL version: OpenSSL 1.1.1f  31 Mar 2020
compiled with libxml2 version: 2.9.10
linked to libxml2 version: 20910
compiled with json-c version: 0.13.1
linked to json-c version: 0.13.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.4.2
threads support is enabled

default paths:
  named configuration:  /etc/bind/named.conf
  rndc configuration:   /etc/bind/rndc.conf
  DNSSEC root key:      /etc/bind/bind.keys
  nsupdate session key: //run/named/session.key
  named PID file:       //run/named/named.pid
  named lock file:      //run/named/named.lock
  geoip-directory:      /usr/share/GeoIP

Steps to reproduce

Following the documentation which specifies that "primaries" should be used, a catalog-zone with the following fails:

$TTL 3600
;                  YYMMDDHHmm REFRESH RETRY EXPIRE TTL
@       IN SOA . . 21071121 86400   3600  86400  3600
@       IN NS  invalid.
version IN TXT "2"

; Add masters
1.primaries              0 IN A 192.168.50.4

; Default is to allow querying of all zones by anyone
allow-query             0 IN APL ( 1:0.0.0.0/0 )

; List of zones which servers should be secondaries for.
a1fffa835b1f98c8a88918adc7d0138cd2f30b42.zones  IN PTR  10.in-addr.arpa.

While this works:

$TTL 3600
;                  YYMMDDHHmm REFRESH RETRY EXPIRE TTL
@       IN SOA . . 21071121 86400   3600  86400  3600
@       IN NS  invalid.
version IN TXT "2"

; Add masters
1.masters              0 IN A 192.168.50.4

; Default is to allow querying of all zones by anyone
allow-query             0 IN APL ( 1:0.0.0.0/0 )

; List of zones which servers should be secondaries for.
a1fffa835b1f98c8a88918adc7d0138cd2f30b42.zones  IN PTR  10.in-addr.arpa.

What is the current bug behavior?

Master servers / Primaries for a zone are ignored on catalog-zone slaves.

What is the expected correct behavior?

Master servers / Primaries for a zone should be picked up on catalog-zone slaves.

Possible fixes

https://gitlab.isc.org/isc-projects/bind9/-/blob/main/lib/dns/catz.c#L899-913

Add a check for primaries as well as masters:

catz_get_option(const dns_label_t *option) {
	if (catz_opt_cmp(option, "zones")) {
		return (CATZ_OPT_ZONES);
	} else if (catz_opt_cmp(option, "primaries")) {
		return (CATZ_OPT_MASTERS);
	} else if (catz_opt_cmp(option, "masters")) {
		return (CATZ_OPT_MASTERS);
	} else if (catz_opt_cmp(option, "allow-query")) {
		return (CATZ_OPT_ALLOW_QUERY);
	} else if (catz_opt_cmp(option, "allow-transfer")) {
		return (CATZ_OPT_ALLOW_TRANSFER);
	} else if (catz_opt_cmp(option, "version")) {
		return (CATZ_OPT_VERSION);
	} else {
		return (CATZ_OPT_NONE);
	}
}
Edited by Oskar Stenman
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information